Cost-effective solution for medium-sized businesses Watchdog by TEN IM is our managed SIEM (Security Incident & Event Management) solution that makes automated detection of attacks and vulnerabilities accessible to SMEs. We are often asked: how does it actually work? And what technologies are behind it? Watchdog by TEN IM is based on open source technologies […]
In discussions with customers and interested parties, we are repeatedly confronted with the statement that security investigations (penetration tests and vulnerability scans) are not necessary in cloud scenarios because the cloud provider (e.g. Amazon Web Services, Microsoft Azure, Google Cloud, Hetzner Cloud) ensures the security of the environments. This is a widespread misconception, which we would like to explain in more detail in this article.
What is actually the difference between a Vulnerability Scan and a Penetration Test? There seem to be interesting misconceptions about this, as we would like to show with the following practical example.
ISO 27001 – Management of technical vulnerabilities The newly published ISO 27001:2022 in October 2022 brings a restructured catalogue of measures. Among other things, the new measure A.8.8 – Management of technical vulnerabilities – was introduced. This requires the operator of an ISMS to obtain information about technical vulnerabilities of the information systems used, to […]
Efficient protection through 2-factor authentication Multi-factor authentication (MFA) or mostly 2-factor authentication is on everyone’s lips. You read a lot about the benefits – and yet you are often annoyed when “the second factor” has to be specified again – usually this is perceived as a nuisance. And yet this technology offers unbeatable advantages for […]
Instant 27001, the simple and pragmatic documentation system for information security management systems (ISMS) according to the international standard ISO 27001, is now also available for Microsoft 365 in addition to Atlassian Confluence. Seamless integration into Microsoft environment Together with ISOPlanner, Instant 27001 provides a simple and scalable platform that seamlessly integrates into your Microsoft […]
“The cloud is another name for “someone else’s computer,” and you need to understand how much or how little you trust that computer.” (Bruce Schneier). The quote comes from the context of the LastPass breach in 2022, in which attackers were able to allegedly compromise the well-known password manager LastPass and prompted us to take […]
Every company that uses Microsoft technologies is familiar with this: its own Windows environment is constantly growing, numerous settings are changed in the Active Directory every day, objects are created and deleted again. What about the dangers that can arise from faulty Active Directory configurations? This is an aspect of IT security that is almost […]
Small and medium-sized enterprises in particular have some catching up to do When it comes to the timely detection of IT security and cyber security incidents, small and medium-sized organisations – even some large ones – have a massive backlog. They often lack the know-how and/or the time to deal in detail with the logs […]
A study by G DATA, Statista and brand eins confirms that IT security in the DACH region is in a poor state. Many organizations still believe that attackers are not interested in them. The organizations that are aware of the dangers are plagued by staff shortages: qualified IT security experts are scarce. Quote from the […]